java.lang.ClassNotFoundException: org.springframework.security.access.expression.SecurityExpressionHandler when using <security:authorize > tag

Kuzanagi picture Kuzanagi · Sep 3, 2013 · Viewed 8.1k times · Source

I'm using Spring Security for the first time with Spring MVC and Tiles. Everything is Ok about authentication using users/roles from database, but when I add the <security:authorize> tag to make adaptation according to the user authenticated in the views I'm getting this error :

java.lang.ClassNotFoundException: org.springframework.security.access.expression.SecurityExpressionHandler
    org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1714)
    org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
    java.lang.Class.getDeclaredMethods0(Native Method)
    java.lang.Class.privateGetDeclaredMethods(Unknown Source)
    java.lang.Class.getDeclaredMethods(Unknown Source)
    org.apache.catalina.util.Introspection.getDeclaredMethods(Introspection.java:127)
    org.apache.jasper.runtime.TagHandlerPool.get(TagHandlerPool.java:121)
    org.apache.jsp.WEB_002dINF.pages.jsp.indexAdmin2_jsp._jspx_meth_security_005fauthorize_005f0(indexAdmin2_jsp.java:262)
    org.apache.jsp.WEB_002dINF.pages.jsp.indexAdmin2_jsp._jspService(indexAdmin2_jsp.java:223)
    org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:432)
    org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
    org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
    org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:250)
    org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1047)
    org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:817)
    org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:719)
    org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:669)
    org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:574)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:343)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
    org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
    org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
    org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
    org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
    org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

This is an example of a Tile causing this trouble :

<%@taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<div class="leftpanel">
        <div class="leftmenu">        
            <ul class="nav nav-tabs nav-stacked">
                 <li class="nav-header">iERP</li>
                 <security:authorize ifAnyGranted="ROLE_ADMIN" >
                 <li class="dropdown active"><a href="#"><span class="iconfa-th-list"></span>AAA</a>
                    <ul>
                         <li><a href="GestionServices.erp">Gestion des Services</a></li>
                    </ul>
                </li>
                </security:authorize>
                <security:authorize ifAnyGranted="ROLE_USER" >
                <li class="dropdown active"><a href="#"><span class="iconfa-list-alt"></span>Section de Facturation</a>
                    <ul>
                         <li><a href="FacturesParMois.erp">Facturation Par Périodes</a></li>
                    </ul>
                </li>
                </security:authorize>
            </ul>
       </div>
</div>

Answer

Kuzanagi picture Kuzanagi · Sep 4, 2013

When I checked my WEB-INF/lib folder I found that I had different versions of spring-security jars, some had 3.1.4 and others 3.0.2. It's working well now with all jars on 3.1.4 version ! Thank you Luke, your comment gave me the answer !